Thanks Lennart! Proxy roles do sound like the answer, but I cannot get them working. When I restrict my private script so that only Managers have View permissions and give my public script Manager proxy roles, I am still prompted for a login box when I try to view the public script. When I cancel, I get the following error:
Error Type: Unauthorized Error Value: You are not allowed to access 'meta_type' in this context This is different from the standard "You are not authorized to access this resource. No Authorization header found." error which I get when I try to access the private script directly, but conveys little to me. What does it mean and how do I fix it? On 2/11/06, Lennart Regebro <[EMAIL PROTECTED]> wrote: > On 2/11/06, Michael Shulman <[EMAIL PROTECTED]> wrote: > > Is there a way in Zope to restrict permissions for direct access only > > (i.e. calling an object through the web) but still allow indirect > > access (i.e. executing an object that was called by another object > > that was called through the web)? > > Yes. If that "other object" is disk-based python, it is most likely > able to do it already. If it is a python-script, you can set it up to > have a proxy role. That way your auxiliary scripts can all require > manager roles, and you can give the scripts that need to call them the > Manager proxy-role > > > Feel free to tell me that I am misunderstanding the way security > > works, or is supposed to work, in Zope, or that if this is something I > > need to do I am designing my site incorrectly from the point of view > > of Zope security (and if so, what is the correct way to design it?). > > No you seem to have got it. Although the next time you do something > that complex you might want to look into making a disk-based prodct > instead. It's often easier for complex features. > > -- > Lennart Regebro, Nuxeo http://www.nuxeo.com/ > CPS Content Management http://www.cps-project.org/ > > _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )